Tutorial XUIONE HACKING PROTECTION!

[netteflix]

Hey folks,

(Please share with your friends whoever uses XUIONE,22F,Mods,etc...)

[LIKES=]You've probably heard that some piece of crap recently exploited a few vulnerabilities in XUIONE, hacked into the system, and demanded 1000 euros in ransom after taking control of the database. Well, I’m here to tell you NOT to give this motherfucker even a penny. I’m offering you a 100% foolproof solution to bury these losers in the trash heap of history. If you follow these steps, your XUIONE panel will be safe and sound.

Step 1 - Don’t use SSL! Remove OpenSSL and close any unnecessary open ports!

Run:

apt remove openssl -y

Now, let’s clean up unnecessary lines from your nginx.conf file located inside nginx_rtmp.

Open the file:

nano /home/xui/bin/nginx_rtmp/conf/nginx.conf

Delete everything except the following lines:

user xui;
worker_processes  auto;
worker_rlimit_nofile 300000;

events {
    worker_connections  16000;
    use epoll;
    accept_mutex on;
    multi_accept on;
}

Step 2 - Restrict database access to only LB IPs and your IP!

Even if someone somehow gets your database credentials, they won’t be able to access it!

Create a shell script, for example, block.sh, and add the following content:

First, let's learn where's your iptables?

which iptables

mine is in /sbin/iptables so create the bash script (block.sh)

/sbin/iptables -I INPUT 1 -p tcp -s mainIP --dport 3306 -j ACCEPT
/sbin/iptables -I INPUT 2 -p tcp -s BalanceIP1 --dport 3306 -j ACCEPT
/sbin/iptables -I INPUT 3 -p tcp -s BalanceIP2 --dport 3306 -j ACCEPT
/sbin/iptables -I INPUT 4 -p tcp -s BalanceIP3 --dport 3306 -j ACCEPT
/sbin/iptables -I INPUT 5 -p tcp -s YourLOCALIP --dport 3306 -j ACCEPT
/sbin/iptables -I INPUT 6 -p tcp --dport 3306 -j DROP

Replace the IP addresses with your own and save the file.

Then, make it executable and run it:

chmod +x block.sh
./block.sh

This will block port 3306 (MySQL port) from any IP address except the ones you've specified.

So folks, follow these steps and you won’t give this loser even a penny while keeping your system secure!

Please ask if you need anything else! I'll do my best for you against that kind of motherfuckers. Hehe[/LIKES]

 

[seagate]

why exactly NOT to use OPENSSL?
is there a risk if almost the newest NGINX 1.26 with the new OPENSSL is used?

 

[CentOS]

why exactly NOT to use OPENSSL?
is there a risk if almost the newest NGINX 1.26 with the new OPENSSL is used?

Please explain why

apt remove openssl -y

the openssl library inside the ubuntu package always has security fixes as long as you use a non-obsolete distro, so I don't see a problem

 

[netteflix]

Please explain why

apt remove openssl -y

the openssl library inside the ubuntu package always has security fixes as long as you use a non-obsolete distro, so I don't see a problem

There's SSL Vulnerabilities. Listening ssl ports and grabbing user info easily!

 

[smart_tech]

/sbin/iptables -I INPUT 1 -p tcp -s mainIP --dport 3306 -j ACCEPT /sbin/iptables -I INPUT 2 -p tcp -s BalanceIP1 --dport 3306 -j ACCEPT /sbin/iptables -I INPUT 3 -p tcp -s BalanceIP2 --dport 3306 -j ACCEPT /sbin/iptables -I INPUT 4 -p tcp -s BalanceIP3 --dport 3306 -j ACCEPT /sbin/iptables -I INPUT 5 -p tcp -s YourLOCALIP --dport 3306 -j ACCEPT /sbin/iptables -I INPUT 6 -p tcp --dport 3306 -j DROP

Where is says BalanceIP should I keep as it is or change to my LBs IPs?

Because I have done steps above but my dashboard become inaccessible.

 

[vigilance]

Where is says BalanceIP should I keep as it is or change to my LBs IPs?

Because I have done steps above but my dashboard become inaccessible.

change to your IP's

 

[smart_tech]

change to your IP's

I did. Idk why my dashboard become inaccessible even with my local IP in the list. I displayed a message failed to connect to DB instead.

 

[DgBrasil]

I already use the MySQL block, allowing access only to my fixed IP and to the LBs.
In addition, SSH access is only allowed to my IP on all machines.

 

[TeslaVision]

Already explained that in different groups, on Telegram, Discord and some forums so i will repeat myself... This is not a hack or a xui.one new discovered breach... All people getting blackmailed have same thing in common they have at least one server from one of the knows scammers/liars... They just didn't wznt to stop there and blackmailing you... No one using servers they buy from me got "hacked" also no one using servers from real trusted sellers got "hacked"... So unfortunately they were able to steal your DB because tbey simply have easy access to your DB from at least one of the servers they sell to you...



Its always sad to hear such things but people come to me to buy servers from me after they finally saw that its better to maybe pay a little more but at least avoid lies, and scam... (and now blackmail...)



Good luck to anyone that got into this situation cause of those pieces of sh**...

 

[OneStage]

1. It is better to create your own vpn udp protocol for access ssh etc. via vpn but who does not want to
2. Add crowdsec to protect your ports
3. use Port knocking methode for ssh.
4. Block all incoming and outgoing ports except the ports you are using.
5. Check your logs daily.
6. Do not touch a running system, if you have fixed it all, do not play with your system, buy another small server and do your tests there.

 

[urgodfather]

Info - XUI.one Update 1.5.13

Update 1.5.13 Released [CRITICAL] Patched an exploit in the System API that could allow for remote read and write if leveraged correctly. [Core] Reverted EPG system to previous MySQL based system to fix a bug where EPG wasn't being retained. [Core] Fixed EPG API calls and images New Install...

www.worldofiptv.com